New SSL vulnerability - GoFuckYourself.com

transbetty · 03-16-2015, 02:52 AM

Hello, not sure if it was posted before.

Quote:

On Tuesday, March 3, 2015, researchers announced a new SSL/TLS vulnerability called the FREAK attack. It allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption, which the attacker can break to steal or manipulate sensitive data. This site is dedicated to tracking the impact of the attack and helping users test whether they?re vulnerable.

The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at [email protected].

Read more / check your browser at: https://freakattack.com/

Sorry if it's old news on GFY.

seeandsee · 03-16-2015, 03:15 AM

Nice, thanks god they cant do anything with me, no sensitive data

transbetty · 03-16-2015, 03:36 AM

Quote:

Originally Posted by seeandsee

Nice, thanks god they cant do anything with me, no sensitive data

I think most processors like CCBILL are covered.

I would be careful though running a retail site with connection to some small payment gateways. They are often patched later.

RummyBoy · 03-16-2015, 04:48 AM

BBC News - Millions at risk from 'Freak' encryption bug

A week is a long time in virus news - its like a decade. I guess Firefox is probably safer than other browsers until the fix but it looks like Chrome is already fixed.

freecartoonporn · 03-16-2015, 04:55 AM

not this shit again.

RummyBoy · 03-16-2015, 05:01 AM

Quote:

Originally Posted by freecartoonporn

not this shit again.

transbetty · 03-16-2015, 05:07 AM

Haha great video response.

I agree it's more of a "freat-out" situ, but... I wouldn't want to be 000.1% who got their processing closed for this.

transbetty · 03-16-2015, 05:59 AM

Code:

Chrome for Windows and all modern versions of Firefox are known to be safe.

This vulnerability requires both server and client (browser) to be unpatched.

transbetty · 03-16-2015, 06:08 AM

FYI: Amerinoc patched my VPS very promptly. Thumbs up guys.

woj · 03-16-2015, 08:01 AM

"This report is maintained by computer scientists at the University of Michigan"

vulnerable sites:
1702 umich.edu 141.211.243.44

03-16-2015, 03:15 AM	#2
seeandsee Check SIG! Industry Role: Join Date: Mar 2006 Location: Europe (Skype: gojkoas) Posts: 50,945	Nice, thanks god they cant do anything with me, no sensitive data __________________ BUY MY SIG - 50$/Year Contact here

03-16-2015, 04:55 AM	#5
freecartoonporn Confirmed User Industry Role: Join Date: Jan 2012 Location: NC Posts: 7,683	not this shit again. __________________ SSD Cloud Server, VPS Server, Simple Cloud Hosting \| DigitalOcean

03-16-2015, 05:07 AM	#7
transbetty Confirmed User Industry Role: Join Date: May 2013 Location: Prague Posts: 197	Haha great video response. I agree it's more of a "freat-out" situ, but... I wouldn't want to be 000.1% who got their processing closed for this. __________________ Tranny Sites - tranny, fetish & BDSM porn site reviews by Betty Tranny Ladies - online tranny dating and community portal Transbetty - my personal blog (articles/photos/reflections)

03-16-2015, 05:59 AM	#8
transbetty Confirmed User Industry Role: Join Date: May 2013 Location: Prague Posts: 197	Code: Chrome for Windows and all modern versions of Firefox are known to be safe. This vulnerability requires both server and client (browser) to be unpatched. __________________ Tranny Sites - tranny, fetish & BDSM porn site reviews by Betty Tranny Ladies - online tranny dating and community portal Transbetty - my personal blog (articles/photos/reflections)

03-16-2015, 06:08 AM	#9
transbetty Confirmed User Industry Role: Join Date: May 2013 Location: Prague Posts: 197	FYI: Amerinoc patched my VPS very promptly. Thumbs up guys. __________________ Tranny Sites - tranny, fetish & BDSM porn site reviews by Betty Tranny Ladies - online tranny dating and community portal Transbetty - my personal blog (articles/photos/reflections)

03-16-2015, 04:48 AM	#4
RummyBoy Confirmed User Join Date: Dec 2009 Posts: 2,157	BBC News - Millions at risk from 'Freak' encryption bug A week is a long time in virus news - its like a decade. I guess Firefox is probably safer than other browsers until the fix but it looks like Chrome is already fixed.

03-16-2015, 08:01 AM	#10
woj <&(©¿©)&> Industry Role: Join Date: Jul 2002 Location: Chicago Posts: 47,882	"This report is maintained by computer scientists at the University of Michigan" vulnerable sites: 1702 umich.edu 141.211.243.44 __________________ Custom Software Development, email: woj#at#wojfun#.#com to discuss details or skype: wojl2000 or gchat: wojfun or telegram: wojl2000 Affiliate program tools: Hosted Galleries Manager Banner Manager Video Manager Wordpress Affiliate Plugin Pic/Movie of the Day Fansign Generator Zip Manager